Appl. No.: 10/644,841

Reply to Office action of Aug. 30, 2007 

Amendments to the Claims: 

CLAIMS 

We claim: 

1. (Currently amended) A security system for computers and/or
computerized devices, comprising at least one of:

a. A computer system wherein at least one of device drivers and/or an 
operating system and/or parts of it are in ring 0 but there is at least one 
more privileged area below ring 0, wherein there is a control system 
and/or security system which runs below the operating system; 

b. A computer system wherein at least one of device drivers and/or an 
operating system and/or parts of it are in ring 0 but there is at least one 
more privileged area below ring 0 and/or within ring 0, wherein there 
is a control system and/or security system which runs below the 
operating system, and wherein at least if said more privileged area is 
within ring 0, said control system and/or security system is adapted to 
catch exceptions caused by device drivers in ring 0 and/or by the 
operating system;

c. A system for segregation between programs and/or between virtual
environments that is applied to at least one of hard disks and other
storage media and/or other resources, wherein there are resources that
are shared between virtual environments so that programs that are in a
Virtual Environment are given the illusion that they are accessing said
shared resources, but in reality if these programs make changes not
explicitly allowed by the user in said shared resources, copy on write
is used and/or said programs are redirected to another area so that said
changes are only made in the virtual environment;

d. A system for segregation between programs and/or between virtual
environments that is applied to at least one of hard disks and other
storage media, wherein at least for one or more shared resources
and/or for one or more programs and/or in one or more conditions if a
program makes a change or changes in a shared resource, copy on
write is used and/or said program is redirected to another area so that
said changes are only made in the virtual environment and/or in said
other area to which the program is redirected;

e. A system for segregation between programs and/or between virtual
environments that is applied to at least one hard disk and/or other non
volatile storage devices, wherein the system enables the user to
interact with an integrated view of the desktop and/or of the file
system, based on merged views of virtual environments, so that the
user can interact with programs that are in a virtual environment without
having to switch to their virtual environment;

f. A system that creates automatic segregation between programs that is
applied to at least one of the hard disks and other storage devices
wherein files and directories are involved;

g. A system that creates automatic segregation between programs which
the user can access, so that the directory structure in which a file is
located automatically affects the access rights of other programs to it;

h. A security system capable of automatic segregation of programs into
their natural environments so that by default programs are allowed to
fully access files only within their natural environment, which is
mainly the directory in which the program is installed and its sub
directories;

i. A security system and/or firewall that identifies if the user or an
application initiated at least one of accessing a file outside the natural
environment or virtual environment of said application, and at least one
potential security risk command which is at least partially related to
the hard disk or other non volatile storage device, and so can allow
more flexibility and/or less limitations and/or no limitations if the
command was initiated directly by the user than if it was initiated by
the application;

j. A system and/or firewall that prevents programs from unauthorized
trapping of the keyboard device in order to catch keystrokes of other
programs, in order to prevent theft of data from the user's hard disk or
other non volatile storage device.
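The mechanisms recited in claim 1(c) through 1(i) (copy-on-write redirection of a program's changes to shared resources, a merged view over shared and private data, a natural environment limited to the install directory and its subdirectories, and more latitude for user-initiated commands) can be modelled in a few dozen lines. The following is an added illustration written for this page, not code from the application or its specification; the class names SegregatingStorage and VirtualEnvironment and the in-memory "disk" are assumptions of the model, and the file contents are constructed.

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath
from typing import Dict, List, Optional, Set, Tuple


def normalize(path: str) -> PurePosixPath:
    """Lexically collapse '.' and '..' so a program cannot escape its
    natural environment with a path such as '/apps/editor/../../etc/hosts'."""
    parts: List[str] = []
    for seg in PurePosixPath(path).parts:
        if seg == "..":
            if len(parts) > 1:          # never pop the root '/'
                parts.pop()
        elif seg != ".":
            parts.append(seg)
    return PurePosixPath(*parts) if parts else PurePosixPath("/")


def inside(path: str, root: str) -> bool:
    """True if path equals root or lies somewhere beneath it."""
    p, r = normalize(path), normalize(root)
    return p == r or r in p.parents


@dataclass
class VirtualEnvironment:
    name: str
    natural_env: str                                  # install dir: full access by default
    granted: Set[str] = field(default_factory=set)    # extra roots the user allowed
    private: Dict[str, bytes] = field(default_factory=dict)  # COW / redirected writes


class SegregatingStorage:
    """Toy model of the segregation layer (assumed design): 'disk' is the real
    shared storage; each VE has a private area into which writes it is not
    allowed to make directly are redirected."""

    def __init__(self, disk: Dict[str, bytes]):
        self.disk = dict(disk)

    def may_write_directly(self, ve: VirtualEnvironment, path: str,
                           user_initiated: bool = False) -> bool:
        # Natural environment: full access. A command the user initiated
        # directly gets more latitude than one the application initiated.
        if inside(path, ve.natural_env) or user_initiated:
            return True
        return any(inside(path, root) for root in ve.granted)

    def read(self, ve: VirtualEnvironment, path: str) -> Optional[bytes]:
        """The VE sees its own private copy if it has one, else the shared file."""
        key = str(normalize(path))
        return ve.private.get(key, self.disk.get(key))

    def write(self, ve: VirtualEnvironment, path: str, data: bytes,
              user_initiated: bool = False) -> str:
        key = str(normalize(path))
        if self.may_write_directly(ve, path, user_initiated):
            self.disk[key] = data
            return "direct"
        # Copy on write / redirection: the program is given the illusion that
        # it changed the shared resource, but only its own VE sees the change.
        ve.private[key] = data
        return "redirected"

    def merged_view(self, ve: VirtualEnvironment) -> List[Tuple[str, str]]:
        """Integrated view: every path the VE can see, tagged with whether the
        version it sees is its private copy or the shared file."""
        names = set(self.disk) | set(ve.private)
        return sorted((n, "private" if n in ve.private else "shared") for n in names)


def demo() -> dict:
    """Constructed scenario: an editor installed under /apps/editor changes its
    own config (allowed), the shared hosts file (redirected), and a traversal
    path that resolves to the hosts file (also redirected)."""
    storage = SegregatingStorage({
        "/etc/hosts": b"127.0.0.1 localhost\n",
        "/apps/editor/config.ini": b"theme=light\n",
    })
    editor = VirtualEnvironment("editor", "/apps/editor")
    out = {}
    out["own_config"] = storage.write(editor, "/apps/editor/config.ini", b"theme=dark\n")
    out["hosts_app"] = storage.write(editor, "/etc/hosts", b"# edited by app\n")
    out["hosts_traversal"] = storage.write(editor, "/apps/editor/../../etc/hosts", b"# second edit\n")
    out["editor_sees"] = storage.read(editor, "/etc/hosts")   # private copy shadows disk
    out["disk_has"] = storage.disk["/etc/hosts"]               # real file untouched
    out["hosts_user"] = storage.write(editor, "/etc/hosts", b"::1 localhost\n", user_initiated=True)
    out["view"] = storage.merged_view(editor)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note that after the user-initiated write the VE still reads its own private copy of /etc/hosts; reconciling a private copy with a later change to the shared file is a policy decision this model leaves open.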

2. (Previously amended) The system of claim 1 wherein at least one of the 
following exists: 

a. A monitoring and capturing system, which monitors at least one 
of storage devices and communications devices; 
b. A database of security rules, comprising at least one of: a set of
default rules, a set of pre-distribution acquired rules that are good 
for many users of the selected operating system, and acquired 
additional user-defined rules or authorizations; and 

c. A user interface, which can interact with the user in order to at 
least one of: learn acceptable behavior patterns, warn the user of 
perceived dangers, wait for his authorization whenever necessary, 
and allow the user to view and modify the database of 
authorizations. 

3. (Original) The system of claim 2 wherein at least one of: 

a. Said user interface at least also warns the user explicitly in cases 
of potentially highly dangerous activities; 

b. Said database comprises also at least learned statistics of normal 
and reasonable behavior of programs in the user's computer; 

c. Said user interface at least also allows the user to view statistics 
of behavior of important programs and especially programs that 
are allowed to access communication channels, especially in 
what is related to sending and receiving data over the 
communication lines; 

d. Said database comprises also at least a log of the questions that 
the Security System asked the user and his replies kept at least 
for a certain period; and 

e. Said database comprises also at least, when needed, a log of 
suspicious activities detected kept at least for a certain period. 

4. (Previously amended) The system of claim 2 wherein the security rules 
and/or functions performed by the Security System comprise at least one of 
the following: 

a. Constantly monitoring the security-sensitive elements of the computer
system, and mainly all relevant peripheral device activities, and
especially storage devices and communication devices, and detecting
and selectively intercepting security-sensitive behaviors, suspicious
behaviors and dangerous behaviors and acting upon them in accordance
with default and acquired sets of security rules;

b. At least one of warning the user and request for authorization and
automatic interception for security-sensitive activities and especially
any first-time attempts to access communication channels;
c. Enabling the user to request at least one of automatic blocking and
warning of the user of any attempts of external programs from the 
network to connect to the user's computer through the communication 
channels; 

d. Interception and more explicit warning of the user about potentially 
highly dangerous activities; 

e. Warning the user about significant statistical deviations from normal
behaviors of applications and operating system and especially as
relates to suddenly sending out large amounts of data;

f. Enabling the user to request enforcing of at least one of additional
limitations on the communication ports allowed to be opened and
when needed also limitations on types of protocols allowed;

g. Monitoring and intercepting as much as possible all attempts of
applications to gain direct port accesses to security sensitive devices
and especially the storage media and the communication channels;

h. Implementing Virtual Shared data areas on the storage media, for at
least one of temporary files and accessing keys in the registry and
other files, so that at least some programs are given the illusion that
they are accessing the shared area, but in reality are each redirected to
a separate private area; and

i. Pushing at least part of the operating system from the most privileged
processor ring to a lower privilege ring and enabling needed functions
to run in said lower privilege ring.

5. (Previously amended) The system of claim 1 wherein a hardware element is 
used which monitors hardware accesses, so that the Security System and/or said 
hardware element can discover events where access has been made to at least 
one of storage devices and communications devices without an apparent 
corresponding event on the system level. 

6. (Previously canceled). 

7. (Previously canceled). 

8. (Previously canceled). 

9. (Currently amended) A security method for computers and/or computerized 
devices, comprising at least one of the following steps: 

a. Using a computer system wherein at least one of device drivers and/or an 
operating system and/or parts of it are in ring 0 but there is at least one 
more privileged area below ring 0, wherein there is a control system
and/or security system which runs below the operating system; 

b. Using a computer system wherein at least one of device drivers and/or an 
operating system and/or parts of it are in ring 0 but there is at least one 
more privileged area below ring 0 and/or within ring 0, wherein there is a 
control system and/or security system which runs below the operating 
system, and wherein at least if said more privileged area is within ring 0, 
said control system and/or security system is adapted to catch exceptions 
caused by device drivers in ring 0 and/or by the operating system;

c. Using a system for segregation between programs and/or between virtual
environments that is applied to at least one of hard disks and other storage
media and/or other resources, wherein there are resources that are shared
between virtual environments so that programs that are in a Virtual
Environment are given the illusion that they are accessing said shared
resources, but in reality if these programs make changes not explicitly
allowed by the user in said shared resources, copy on write is used and/or
said programs are redirected to another area so that said changes are only
made in the virtual environment;

d. Using a system for segregation between programs and/or between virtual
environments that is applied to at least one of hard disks and other storage
media, wherein at least for one or more shared resources and/or for one or
more programs and/or in one or more conditions if a program makes a
change or changes in a shared resource, copy on write is used and/or said
program is redirected to another area so that said changes are only made
in the virtual environment and/or in said other area to which the program
is redirected;

e. Using a system for segregation between programs and/or between virtual
environments that is applied to at least one hard disk and/or other non
volatile storage devices, wherein the system enables the user to interact
with an integrated view of the desktop and/or of the file system, based on
merged views of virtual environments, so that the user can interact with
programs that are in a virtual environment without having to switch to
their virtual environment;

f. Using a system that creates automatic segregation between programs that is
applied to at least one of the hard disks and other storage devices wherein
files and directories are involved;
g. Using a system that creates automatic segregation between programs which
the user can access, so that the directory structure in which a file is
located automatically affects the access rights of other programs to it;

h. Using a security system capable of automatic segregation of programs into
their natural environments so that by default programs are allowed to
fully access files only within their natural environment, which is mainly
the directory in which the program is installed and its sub directories;

i. Using a security system and/or firewall that identifies if the user or an
application initiated at least one of accessing a file outside the natural
environment or virtual environment of said application, and at least one
potential security risk command which is at least partially related to the
hard disk or other non volatile storage device, and so can allow more
flexibility and/or less limitations and/or no limitations if the command
was initiated directly by the user than if it was initiated by the application;

j. Using a system and/or firewall that prevents programs from unauthorized
trapping of the keyboard device in order to catch keystrokes of other
programs, in order to prevent theft of data from the user's hard disk or
other non volatile storage device.

10. (Previously amended) The method of claim 9 wherein at least one of the
following exists:

a. Using a monitoring and capturing system, which monitors at least 
one of storage devices and communications devices; 

b. Using a database of security rules, comprising at least one of: a set
of default rules, a set of pre-distribution acquired rules that are
good for many users of the selected operating system, and
acquired additional user-defined rules or authorizations; and

c. Using a user interface, which can interact with the user in order to
at least one of: learn acceptable behavior patterns, warn the user
of perceived dangers and wait for his authorization whenever
necessary.

11. (Original) The method of claim 10 wherein at least one of: 

a. Said user interface at least also warns the user explicitly in cases 
of potentially highly dangerous activities; 

b. Said database comprises also at least learned statistics of normal 
and reasonable behavior of programs in the user's computer; 
c. Said user interface at least also allows the user to view statistics
of behavior of important programs and especially programs that 
are allowed to access communication channels, especially in 
what is related to sending and receiving data over the 
communication lines; 

d. Said database comprises also at least a log of the questions that 
the Security System asked the user and his replies kept at least 
for a certain period; and 

e. Said database comprises also at least, when needed, a log of 
suspicious activities detected kept at least for a certain period. 

12. (Previously amended) The method of claim 10 wherein the security rules
and/or functions performed by the Security System comprise at least one of the
following:

a. Constantly monitoring the security-sensitive elements of the computer
system, and mainly all relevant peripheral device activities, and
especially storage devices and communication devices, and detecting
and selectively intercepting security-sensitive behaviors, suspicious
behaviors and dangerous behaviors and acting upon them in accordance
with default and acquired sets of security rules;

b. At least one of warning the user and request for authorization and
automatic interception for security-sensitive activities and especially
any first-time attempts to access communication channels;

c. Enabling the user to request at least one of automatic blocking and 
warning of the user of any attempts of external programs from the 
network to connect to the user's computer through the communication 
channels; 

d. Interception and more explicit warning of the user about potentially 
highly dangerous activities; 

e. Warning the user about significant statistical deviations from normal 
behaviors of applications and operating system and especially as 
relates to suddenly sending out large amounts of data; 

f. Enabling the user to request enforcing of at least one of additional
limitations on the communication ports allowed to be opened and 
when needed also limitations on types of protocols allowed; 

g. Monitoring and intercepting as much as possible all attempts of 
applications to gain direct port accesses to security sensitive devices 
and especially the storage media and the communication channels; 
h. Implementing Virtual Shared data areas on the storage media, for at
least one of temporary files and accessing keys in the registry and 
other files, so that at least some programs are given the illusion that 
they are accessing the shared area, but in reality are each redirected to 
a separate private area; and 

i. Pushing at least part of the operating system from the most privileged 
processor ring to a lower privilege ring and enabling needed functions 
to run in said lower privilege ring. 

13. (Currently amended) A security system for computers and/or computerized 
devices, comprising at least one of: 

a. A system that creates automatic segregation between programs that is 
applied to at least one of the hard disks and other storage devices 
wherein files and directories are involved; 

b. A system that creates automatic segregation between programs which 
the user can access, so that the directory structure in which a file is 
located automatically affects the access rights of other programs to it; 

c. A security system capable of automatic segregation of programs into 
their natural environments so that by default programs are allowed to 
fully access files only within their natural environment, which is mainly 
the directory in which the program is installed and its sub-directories; 

d. A computer security system capable of automatic segregation of 
programs into their natural environments so that at least for some 
programs each program is allowed to at least one of access, read, write, 
execute, create, and delete files only within its natural environment, 
which is mainly the directory in which it is installed and its
sub-directories, and access to necessary system areas is based on virtual
sharing.

14. (Currently amended) A security method for computers and/or computerized 
devices, comprising at least one of the following steps: 

a. Using a system that creates automatic segregation between programs 
that is applied to at least one of the hard disks and other storage devices 
wherein files and directories are involved; 

b. Using a system that creates automatic segregation between programs 
which the user can access, so that the directory structure in which a file 
is located automatically affects the access rights of other programs to it; 
c. Using a security system capable of automatic segregation of programs
into their natural environments so that by default programs are allowed
to fully access files only within their natural environment, which is
mainly the directory in which the program is installed and its
sub-directories;

d. Using a computer security system capable of automatic segregation of
programs into their natural environments so that at least for some
programs each program is allowed to at least one of access, read, write,
execute, create and delete files only within its natural environment,
which is mainly the directory in which it is installed and its
sub-directories, and access to necessary system areas is based on virtual
sharing.

15. (Original) The Security system of claim 1 wherein the computer is at least 
one of: cellular phone, car computer, and other computerized gadget, and 
wherein at least one of: 

a. Access to highly sensitive data, such as credit card details or private 
encryption keys, needs explicit permission by the user. 

b. Any attempt to automatically generate an outgoing communication 
needs explicit permission by the user. 

c. Any attempts to alter at least one of EMROMM and important system 
files and sensitive data, need explicit permission by the user. 

16. (Currently amended) The system of claim 13 wherein the user is an 
organization and at least some of the control over authorizations is in the 
hands of at least one of: at least one central authority, and the system 
administrator. 

17. (Previously canceled). 

18. (Previously canceled). 

19. (Previously amended) The system of claim 1 wherein by default at least for 
some programs each program can only see itself and the operating system 
and the computer resources that it is allowed to see, so that it lives in a 
Virtual Environment (VE). 

20. (Currently amended) The system of claim 13 wherein the Security System 
identifies if the user or the application initiated at least one of accessing a file 
outside the natural environment or virtual environment of the program, and at
least one potential security-risk command which is at least partially related
to the disk or other non-volatile storage device, and so can allow more
flexibility and/or less limitations and/or no limitations if the command was
initiated directly by the user than if it was initiated by the application.

21. (Previously canceled).

22. (Currently amended) The system of claim 13 wherein at least one of the 
following features exists: 

a. The Security System also makes sure that when it requests authorization 
no other programs can enter false answers as if they were entered by the 
user through one of the input devices; 

b. The Security System also makes sure that programs cannot create the 
false impression that certain actions were initiated by the user by 
falsifying user input through one of the input devices; 

c. In the cases where private keys are generated or stored by the browsers, 
additional rules are used in order to identify the directories where these 
keys are held; 

d. The communication with at least one of a keyboard and a mouse uses 
encryption in order to prevent falsifying user responses; 

e. The communication with at least one of a keyboard and a mouse uses 
encryption in order to prevent falsifying user responses, and said 
encryption includes also a date & time stamp; 

f. In order to protect the segregation of processes in memory, the Security 
System asks the user to explicitly authorize programs that he wants to 
allow to access APIs that allow accessing the memory of other 
processes; 

g. In order to prevent device drivers from accessing devices other than
those that they are intended to access, each device driver must have a
definite type indicator and is allowed to access only devices of the
indicated type;

h. Each device driver is also prevented from accessing other device drivers 
that can access other types of devices; 

i. Installed drivers can also be associated with Virtual Environments, and 
thus limited in the scope of their actions; 
j. High security protected areas are at least one of: encrypted, marked with
a finger print, and automatically backed up to at least one more area for
additional safety.

23. (Previously canceled). 

24. (Previously canceled). 

25. (Previously canceled). 

26. (Previously canceled). 

27. (Previously canceled). 

28. (Currently amended) The system of claim 13 wherein the Security System 
learns during the installation of new programs which files are related to them 
outside their directory tree. 

29. (Previously canceled). 

30. (Original) The system of claim 1 wherein the security system automatically 
blocks potentially highly dangerous activities or asks the user for explicit 
authorization, even if the user supposedly allowed this to an application 
through the dialog box. 

31. (Previously canceled). 

32. (Previously canceled). 

33. (Currently amended) A computer system wherein at least one of device
drivers and/or an operating system and/or parts of it are in ring 0 but there
is at least one more privileged area below ring 0, wherein there is a control
system and/or security system which runs below the operating system.

34. (Previously canceled). 

35. (Previously canceled). 

36. (Previously canceled). 

37. (Currently amended) The system of claim 13 wherein if an application 
changes after being given certain permissions, the user is notified about and 
asked again for permissions or such changes are automatically prevented or 
the changed application is automatically limited to a new VE. 
38. (Currently amended) The system of claim 13 wherein at least one of the
following features exist: 

a. The security system intercepts the operating system the moment it is 
being loaded into memory and transfers it to a higher ring so that any 
attempt by the operating system to access ring 0 will cause a CPU 
exception, and in order to increase efficiency the security system 
rewrites on the fly each such command in the operating system code 
which is running in the computer's RAM to access instead the current 
ring in which it is in, so that the next time that line of code is accessed 
in memory, the exception will not occur anymore until the next boot. 

b. The security system transfers only physical device drivers to a less 
privileged ring in order to be able to control direct access to physical 
devices. 

c. The operating system itself transfers physical device drivers to a less 
privileged ring in order to be able to control direct access to physical 
devices. 

d. At least one of the physical device drivers and the operating system 
are still in ring 0 but there is at least one more privileged area within 
ring 0 which can catch exceptions caused by at least one of device 
drivers in ring 0 and the operating system itself. 

e. At least one of the physical device drivers and the operating system 
are still in ring 0 but there is at least one more privileged area below 
ring 0 which can catch exceptions caused by at least one of device 
drivers in ring 0 and the operating system itself. 

39. (Previously canceled). 

40. (Previously canceled). 

41. (Previously amended) A computer system wherein at least one of device 
drivers and/or an operating system and/or parts of it are in ring 0 but there is 
at least one more privileged area below ring 0 and/or within ring 0, wherein 
there is a control system and/or security system which runs below the 
operating system, and wherein at least if said more privileged area is within 
ring 0, said control system and/or security system is adapted to catch 
exceptions caused by device drivers in ring 0 and/or by the operating system. 

42. (Original) The system of claim 1 wherein at least one part of the security 
system becomes active even if the computer is booted from at least one of a 
floppy drive, CD, network drive, and any other source that is not the normal
boot area. 

43. (Original) The system of claim 42 wherein at least one of the following 
features exist: 

a. Said activation is done by at least one of the BIOS and the processor 
itself before the normal boot sequence begins. 

b. If the security system discovers that the BIOS has been compromised 
or corrupted, it can at least one of issue a warning and restore it from 
various preferably hidden backups. 

c. The security system can determine that the BIOS has been
compromised or corrupted by at least one of: if it was changed without
authorization according to a digital signature and if it starts to behave
suspiciously.

d. When changes need to be made in at least one of the security system
itself and the BIOS, a physical key needs to be physically attached to
at least one of the computer and any of its peripheral devices.

44. (Previously canceled). 

45. (Original) The system of claim 19 wherein if an application launches 
another application, the newly launched application is limited to the VE of 
the launching application. 

46. (Original) The system of claim 1 wherein if users download many files into 
a single download directory, the security system at least one of: uses context 
sensitive information, and detects if a downloaded program starts looking at 
files that were downloaded at different times or starts going over the entire 
directory or tries to modify other executables in that directory. 

47. (Previously canceled). 

48. (Previously canceled). 

49. (Previously canceled). 

50. (Original) The system of claim 1 wherein the security system replaces at 
least some of the Operating System's dialogue boxes and other components 
that can request input from the user, so that the Security System has more 
control on what is happening in them. 
51. (Currently amended) The system of claim 19 wherein programs are allowed
to send OS messages only to programs which are running within their own
Virtual Environments.

52. (Original) The system of claim 1 wherein the Security system replaces at 
least some of the OS functions that deal with the OS message system, and 
attaches to each message an identification that shows if the OS or another 
application is the source of the message, and the Security System allows 
certain messages to be initiated only by the OS. 

53. (Previously canceled). 

54. (Original) The system of claim 20 wherein at least one of the following 
features exist: 

a. In order to prevent misleading textual questions the Security system 
uses also at least partial semantic analysis of what the user is really 
being asked, by at least one of: analyzing sentence structures or at 
least significant word combinations and/or using various rules and/or a 
statistical database of commonly used questions. 

b. In order to prevent misleading textual questions the Security system
guards at least the top line title of the dialogue box, so that when it is
an "open file" dialogue box, it will always say so clearly, and if it is a
"save file" dialog box it will always say so clearly.

c. A new protocol is introduced for dialogue boxes, in which only the
security system runs the dialogue box completely and the programs
have to indicate in a more structured format, what they want exactly.

d. The security system automatically blocks potentially highly dangerous 
activities or asks the user for explicit authorization, even if the user 
supposedly allowed this to an application through the dialog box. 

55. (Previously canceled). 

56. (Currently amended) The system of claim 13 wherein the security system
knows automatically about at least some highly important user files and
directories, and at least one of the following features exist:
a. Said files are at least one of ".doc" files and source code files, and said
directories are at least directories containing such files, at least if these 
files were created by the user. 

b. The security system can identify strategic files and/or directories by at 
least one of: using predefined rules; automatically marking programs 
as highly strategic according to the number and/or types of 
authorizations they have and/or by the fact that the user is using them 
interactively more than other programs or files or directories; and 
allowing the user explicitly to mark certain directories and/or certain 
file name extensions as highly protected. 

c. The user is explicitly warned by the security system about attempts of 
programs to access highly important user files or directories even if 
the user supposedly allowed the program to access them through the 
dialogue box - if the program is not normally associated with such 
files or directories. 

57. (Previously canceled). 

58. (Original) The system of claim 1 wherein the security system prevents 
running processes from at least one of: Changing their code in memory, and 
Changing the disk file of their executable code. 

59. (Previously canceled). 

60. (Previously amended) The system of claim 1 wherein the security system 
also prevents applications from accessing directly lower level functions that 
can access hard disks and/or other devices except by calling them through the 
normal kernel interface. 

61. (Original) The system of claim 19 wherein at least one of the following 
features exist: 

a. Unless explicitly given additional rights by the user all of the actions 
initiated by a program are automatically limited to the scope of its own 
VE. 

b. When a new program is being installed the user has the option of 
choosing a new VE for that program, or allowing it to become an 
update of an already existing VE, or allowing it to have free access to 
the entire computer. 
c. The user is able to correct mistakes, at least for a certain time, by 
undoing the installation of programs, at least when they are installed in 
a limited VE. 

d. If shared drives are allowed, only the user is allowed to access files on 
shared drives on other computers, or each program is allowed to see 
and access in each shared drive only the same VE that it has on its 
own computer. 

e. If the user allows a newly installing program to inherit or overwrite an 
existing VE, the security system first creates a virtual private 
environment copy of the modified directories, at least for a certain 
period, so that the user can still request to undo this if he made a 
mistake, at least for a certain period. 

f. The security system backs up all the changed files or directories at 
least for a certain time and/or keeps a rollback log of all changes that 
were made to the relevant files and directories or even of all changes 
anywhere in at least one of the hard disk and other non-volatile storage 
devices, in order to enable the undo if the user needs it. 

g. Even when the user allows a program to be installed without VE 
limitations, any changes in the entire hard disk after or during the 
installation, are completely undo-able at least for a certain time period. 

h. Even if the user requested installation without VE limitation, the new 
program is first installed in a separate VE, and only after a certain time 
period or after the user authorizes it (and/or for example after the 
security system checks various parameters to see that things seem ok), 
the VE limitations are lifted or this VE is merged with the unlimited 
VE. 

62. (Original) The system of claim 1 wherein any changes that happen on at 
least one of the hard disk and other nonvolatile storage devices and other 
connected media are completely undo-able at least for a certain time period, 
by keeping a rollback log of all changes or of all significant changes. 

63. (Original) The system of claim 1 wherein the security system can identify at 
least one of strategic files and strategic directories by at least one of: using 
predefined rules; automatically marking programs as highly strategic 
according to the number and/or types of authorizations they have and/or by 
the fact that the user is using them interactively more than other programs or 
files or directories; and allowing the user explicitly to mark certain 
directories and/or certain file name extensions as highly protected. 

64. (Original) The system of claim 1 wherein at least one of the Security System 
and the Operating system can alert the user and/or automatically prevent or 
take action if a malicious program tries to misuse at least one of the CPU 
resources, the free RAM memory, and the free space of the disk and/or other 
non-volatile storage devices and/or if it creates on purpose an artificial load 
on disk activity, and wherein at least one of the following is done: 

a. Taking over the free disk space is prevented by a default quota for each 
newly installed application, which can be changed by the user if needed. 

b. Creating false load on the disk activity can be prevented by detecting 
automatically suspect behaviors. 

c. The Security System and/or the Operating System automatically shows 
to the user and/or to the administrator in an organization, whenever any 
of the CPU and/or RAM resources become too low, or whenever 
significant deviations from normal statistics in these resources are 
detected, at least one of: which applications are taking up most of these 
resources, the percent they are using, and, to the extent possible, what 
they are doing, and the VE of these processes. 

d. Automatically detecting by at least one of software and hardware in the 
CPU itself at least one of entering the CPU into useless loops and other 
suspect activities in the CPU. 

e. The OS or the Security System requests authorization from the user if a 
program requests Real-time priority or any other priority that can 
significantly slow down other processes, at least the first time it tries to 
get such priority or unless the user gives it such a privilege from then 
on. 

65. (Previously canceled). 

66. (Original) The system of claim 1 wherein the hardware of the CPU and/or 
the hardware of the disk itself does not allow any access to a file unless the 
software that tries to access it is identified as its rightful owner, by at least 
one of providing the appropriate password, and other means. 

67. (Previously presented) The system of claim 1 wherein at least in one mode and 
for at least some of the files and/or directories there is an indication near the file 
and/or directory if it is a real file or a virtual file and/or the user and/or the 
administrator can see by clicking on the file and/or by the color of the file name 
or icon and/or by other indication, to which virtual environment it belongs. 

28/02/08 Yaron Mayer et al. 

68. (Previously presented) The system of claim 1 wherein embedded objects or 
plug-ins are executed each at a separate VE but appear visually integrated, and at 
least one of the following features exists: 

a. There is no real connection between the two objects other than their 
internal communication stream; 

b. The security system filters or controls the communication between the 
two objects; 

c. The visual integration is implemented with the aid of a graphical proxy, 
which makes a combination of programs look as if they are integrated, 
while in reality they run in different VEs; 

d. Each COM (Component Object Model) server is allowed to run only in 
one VE, thus avoiding the situation where the same COM server could be 
giving services at the same time to programs that are on separate VEs. 

69. (Previously presented) The system of claim 1 further comprising a system for 
learning normal behavior statistics, and automatic detection of at least one of: 
unusual disk activity of applications and unusual sending out large amounts of 
data. 

70. (Previously presented) The system of claim 1 comprising a system for 
segregation between programs and/or between virtual environments that is 
applied to at least one of hard disks and other storage media and/or other 
resources, wherein there are resources that are shared between virtual 
environments so that programs that are in a Virtual Environment are given the 
illusion that they are accessing said shared resources, but in reality if these 
programs make changes not explicitly allowed by the user in said shared 
resources, copy-on-write is used and/or said programs are redirected to another 
area so that said changes are only made in the virtual environment. 

71. (Previously presented) The system of claim 1 comprising a system for 
segregation between programs and/or between virtual environments that is 
applied to at least one of hard disks and other storage media, wherein at least for 
one or more shared resources and/or for one or more programs and/or in one or 
more conditions if a program makes a change or changes in a shared resource, 
copy-on-write is used and/or said program is redirected to another area so that 
said changes are only made in the virtual environment and/or in said other area 
to which the program is redirected. 

72. (Previously presented) The system of claim 1 comprising a system for 
segregation between programs and/or between virtual environments that is 
applied to at least one hard disk and/or other non-volatile storage devices, 
wherein the system enables the user to interact with an integrated view of the 
desktop and/or of the file system, based on merged views of virtual 
environments, so that the user can interact with programs that are in a virtual 
environment without having to switch to their virtual environment. 

73. (Previously presented) The system of claim 1 comprising a system that creates 
automatic segregation between programs that is applied to at least one of the 
hard disks and other storage devices wherein files and directories are involved. 

74. (Currently amended) The system of claim 1 comprising a system that creates 
automatic segregation between programs which the user can access, so that the 
directory structure in which a file is located automatically affects the access 
rights of other programs to it. 

75. (Currently amended) The system of claim 1 comprising a security system 
capable of automatic segregation of programs into their natural environments so 
that by default programs are allowed to fully access files only within their 
natural environment, which is mainly the directory in which the program is 
installed and its sub-directories. 

76. (Previously presented) The system of claim 1 comprising a system and/or 
firewall that prevents programs from unauthorized trapping of the keyboard 
device in order to catch keystrokes of other programs, in order to prevent theft of 
data from the user's hard disk or other non-volatile storage device. 

77. (Previously presented) The method of claim 9 wherein a system for segregation 
between programs and/or between virtual environments is used that is applied to 
at least one of hard disks and other storage media and/or other resources, 
wherein there are resources that are shared between virtual environments so that 
programs that are in a Virtual Environment are given the illusion that they are 
accessing said shared resources, but in reality if these programs make changes 
not explicitly allowed by the user in said shared resources, copy-on-write is used 
and/or said programs are redirected to another area so that said changes are only 
made in the virtual environment. 

78. (Previously presented) The method of claim 9 wherein a system for segregation 
between programs and/or between virtual environments is used that is applied to 
at least one of hard disks and other storage media, wherein at least for one or 
more shared resources and/or for one or more programs and/or in one or more 
conditions if a program makes a change or changes in a shared resource, copy- 
on-write is used and/or said program is redirected to another area so that said 
changes are only made in the virtual environment and/or in said other area to 
which the program is redirected. 

79. (Previously presented) The method of claim 9 wherein a system for segregation 
between programs and/or between virtual environments is used that is applied to 
at least one hard disk and/or other non-volatile storage devices, wherein the 
system enables the user to interact with an integrated view of the desktop and/or 
of the file system, based on merged views of virtual environments, so that the 
user can interact with programs that are in a virtual environment without having 
to switch to their virtual environment. 

80. (Previously presented) The method of claim 9 wherein a system that creates 
automatic segregation between programs is used that is applied to at least one of 
the hard disks and other storage devices wherein files and directories are 
involved. 

81. (Currently amended) The method of claim 9 wherein a system is used that 
creates automatic segregation between programs which the user can access, so 
that the directory structure in which a file is located automatically affects the 
access rights of other programs to it. 

82. (Currently amended) The method of claim 9 wherein a security system capable 
of automatic segregation of programs into their natural environments is used so 
that by default programs are allowed to fully access files only within their 
natural environment, which is mainly the directory in which the program is 
installed and its sub-directories. 
83. (Currently amended) The method of claim 9 wherein a security system and/or 
firewall is used that identifies if the user or an application initiated at least one of 
accessing a file outside the natural environment or virtual environment of said 
application, and at least one potential security-risk command which is at least 
partially related to the hard disk or other non-volatile storage device, and so can 
allow more flexibility and/or less limitations and/or no limitations if the 
command was initiated directly by the user than if it was initiated by the 
application. 

84. (Previously presented) The method of claim 9 wherein a system and/or firewall 
is used that prevents programs from unauthorized trapping of the keyboard 
device in order to catch keystrokes of other programs, in order to prevent theft of 
data from the user's hard disk or other non-volatile storage device. 

85. (Previously presented) The system of claim 1 wherein at least one program is 
given the illusion that it installed itself on the root of a drive, but in fact it is 
installed in a lower directory. 

86. (Previously presented) The system of claim 1 wherein said copy-on-write 
and/or redirection to another area for making changes is used at least in one or 
more cases when a program does not have sufficient rights to make changes in 
one or more files or directories or other shared resources. 

87. (Previously presented) The system of claim 1 wherein "at least in one or more 
cases" means "at least for one or more programs". 

88. (Previously presented) The system of claim 1 wherein at least for some 
programs the program is automatically first installed in a separate VE even if the 
user did not request to install the program within a virtual environment, and only 
after a certain time period or after the user authorizes it, and/or after the security 
system checks various parameters to see that things seem ok, the VE limitations 
are lifted or this VE is merged with the unlimited normal environment. 

89. (Previously presented) The system of claim 1 wherein programs can be given 
the illusion that they have accessed shared keys in the registry, while in practice 
they are redirected each to its individual private file of relevant registry keys. 
90. (Previously presented) The system of claim 1 wherein said copy-on-write 
and/or redirection to another area for making changes is implemented at least 
when some programs need to install certain files in system directories. 

91. (Previously presented) The method of claim 9 wherein said copy-on-write 
and/or redirection to another area for making changes is implemented at least 
when some programs need to install certain files in system directories. 

92. (Previously presented) The system of claim 1 wherein virtual shared directories 
are implemented by giving a program a logical view of the shared directory or of 
only some of the files in it, so that if the program is allowed to see the file it sees 
the original copy, but if it changes files in the shared directory, said files will in 
reality be copied into files in the program's individual private area and changed 
only there. 

93. (Previously presented) The method of claim 9 wherein virtual shared directories 
are implemented by giving a program a logical view of the shared directory or of 
only some of the files in it, so that if the program is allowed to see the file it sees 
the original copy, but if it changes files in the shared directory, said files will in 
reality be copied into files in the program's individual private area and changed 
only there. 
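The copy-on-write redirection of claims 70/71 and the logical shared-directory view of claims 92/93, as an added illustration written for this page (not the patent's own implementation): the in-memory "files", the program name and the visibility rule are constructed assumptions.

```python
"""Copy-on-write overlay of a shared directory, as an added illustration of
claims 70/71 and 92/93: an example written for this page, not the patent's own
implementation. The in-memory 'files', program name and visibility rules are
constructed assumptions."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class SharedArea:
    """The real shared directory: path -> contents (constructed stand-in)."""
    files: dict[str, bytes] = field(default_factory=dict)


@dataclass
class VirtualEnvironment:
    """Per-program private area layered over a shared directory.

    A program inside the VE sees the original copy of every shared file it is
    allowed to see, but each change is redirected into the private area
    (copy-on-write), so the shared copy is never modified from inside the VE.
    """
    name: str
    shared: SharedArea
    visible: set[str] | None = None  # None: may see every shared file
    private: dict[str, bytes] = field(default_factory=dict)
    redirected: list[str] = field(default_factory=list)  # audit log of COW events

    def _may_see(self, path: str) -> bool:
        return self.visible is None or path in self.visible

    def listdir(self) -> list[str]:
        """Logical view: private copies shadow the visible shared files."""
        return sorted({p for p in self.shared.files if self._may_see(p)} | set(self.private))

    def read(self, path: str) -> bytes:
        if path in self.private:
            return self.private[path]
        if path in self.shared.files and self._may_see(path):
            return self.shared.files[path]
        raise FileNotFoundError(path)  # hidden shared files do not exist for this VE

    def write(self, path: str, data: bytes) -> None:
        """Redirect the change to the private area, copying the original first."""
        if path not in self.private and path in self.shared.files and self._may_see(path):
            self.private[path] = self.shared.files[path]  # copy-on-write
            self.redirected.append(path)
        self.private[path] = data


def demo() -> tuple[bytes, bytes, list[str]]:
    shared = SharedArea({"config.ini": b"level=1", "secret.key": b"K"})
    ve = VirtualEnvironment("editor", shared, visible={"config.ini"})
    ve.write("config.ini", b"level=2")  # changed only inside the VE
    ve.write("notes.txt", b"hello")  # new file exists only in the VE
    return ve.read("config.ini"), shared.files["config.ini"], ve.listdir()
```

The `redirected` log is the point a defender would monitor: every entry is a change a program attempted on a shared resource that was silently contained in its own VE.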

94. (Previously presented) The system of claim 1 wherein at least one Internet 
browser is by default automatically limited to its natural environment or virtual 
environment. 
